SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast VideoWhisper's Avatar
    Join Date
    Dec 2008
    Posts
    93
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Post VideoWhisper php site hacked and fixed

    On 15.08.2009 we discovered that our site has been hacked.

    Attacker inserted malicious html content that loaded pages from his davtraff com site using invisible iframes probably to generate fake traffic. All index.php, .htm, .html files were corrupted by adding html code with invisible iframes at their end.

    Our developers built a script that found and removed all malicious content.
    Now http://wam.dasient.com/wam/ shows: 0 infected pages of all 33 pages quick scanned.

    PM if you need this php script. It scans all site files for certain strings and code and can also remove certain code. We’ll probably release it to the public domain when this is cleared up and have time to write some small docs for it.

    Looks like the source of the problems came from a htmlarea component. Attacker managed to upload a .jpg.php file and various exploits from there. We removed it completely.

    Our site was also blacklisted today by google/firefox/chrome. We already posted a review request as we found and fixed the problems fast.

    http://www.google.com/safebrowsing/d...deowhisper.com shows at this moment:

    What is the current listing status for videowhisper.com?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 4 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-08-14, and the last time suspicious content was found on this site was on 2009-08-14.

    Malicious software is hosted on 1 domain(s), including davtraff.com/.

    This site was hosted on 2 network(s) including AS21844 (THEPLANET), AS36351 (SOFTLAYER).

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, videowhisper.com did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
    We removed vulnerability, fixed content, changed passwords, requested review from google.

    If you have any suggestions or comments we would be happy to hear those.
    Last edited by Dan Grossman; Aug 15, 2009 at 07:45. Reason: Self-promotion removed; this is a forum not a press release service

  2. #2
    SitePoint Addict reboltutorial's Avatar
    Join Date
    Jan 2009
    Posts
    309
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can easily detect hacked pages with Rebol in just 3 lines
    http://reboltutorial.com/blog/monitor-website/

    Rebol has integrated checksum, a console and a visual GUI which is very suitable for Admins and Webmasters Jobs.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •